Cms: Refactoring

modules/cms-kit/host/Volo.CmsKit.Web.Unified/CmsKitWebUnifiedModule.cs

@@ -169,9 +169,15 @@ public class CmsKitWebUnifiedModule : AbpModule
         {
             options.EntityTypes.Add(new CommentEntityTypeDefinition("quote"));
             options.IsRecaptchaEnabled = true;
-            options.AllowedExternalUrls = new List<string>
+            options.AllowedExternalUrls = new Dictionary<string, List<string>>
             {
-                "https://abp.io/"
+                {
+                    "quote",
+                    new List<string>
+                    {
+                        "https://abp.io/"
+                    }
+                }
             };
         });
 

modules/cms-kit/host/Volo.CmsKit.Web.Unified/Pages/Index.cshtml

@@ -90,7 +90,7 @@
     <abp-column size-md="_12">
         @if (GlobalFeatureManager.Instance.IsEnabled<CommentsFeature>())
         {
-            @await Component.InvokeAsync(typeof(CommentingViewComponent), new {entityType = "quote", entityId = "2", allowExternalUrls = false})
+            @await Component.InvokeAsync(typeof(CommentingViewComponent), new {entityType = "quote", entityId = "2"})
         }
     </abp-column>
 </abp-row>

modules/cms-kit/src/Volo.CmsKit.Domain.Shared/Volo/CmsKit/Comments/CmsKitCommentOptions.cs

@@ -15,7 +15,7 @@ public class CmsKitCommentOptions
     public bool IsRecaptchaEnabled { get; set; }
 
     /// <summary>
-    /// Indicates the allowed external URLs, which can be included in a comment.
+    /// Indicates the allowed external URLs by entity types, which can be included in a comment.
     /// </summary>
-    public List<string> AllowedExternalUrls { get; set; } = new();
+    public Dictionary<string, List<string>> AllowedExternalUrls { get; set; } = new();
 }

modules/cms-kit/src/Volo.CmsKit.Public.Application.Contracts/Volo/CmsKit/Public/Comments/CreateCommentInput.cs

@@ -17,6 +17,4 @@ public class CreateCommentInput
     public Guid? CaptchaToken { get; set; }
     
     public int CaptchaAnswer { get; set; }
-
-    public bool AllowExternalUrls { get; set; } = true;
 }

modules/cms-kit/src/Volo.CmsKit.Public.Application.Contracts/Volo/CmsKit/Public/Comments/CreateCommentWithParametersInput.cs

@@ -18,8 +18,6 @@ public class CreateCommentWithParametersInput
     [Required]
     public string EntityId { get; set; }
 
-    public bool AllowExternalUrls { get; set; } = true;
-
     public Guid? RepliedCommentId { get; set; }
     
     public Guid? CaptchaToken { get; set; }

modules/cms-kit/src/Volo.CmsKit.Public.Application.Contracts/Volo/CmsKit/Public/Comments/UpdateCommentInput.cs

@@ -14,6 +14,4 @@ public class UpdateCommentInput : IHasConcurrencyStamp
     public string Text { get; set; }
 
     public string ConcurrencyStamp { get; set; }
-
-    public bool AllowExternalUrls { get; set; } = true;
 }

modules/cms-kit/src/Volo.CmsKit.Public.Application/Volo/CmsKit/Public/Comments/CommentPublicAppService.cs

@@ -61,7 +61,7 @@ public class CommentPublicAppService : CmsKitPublicAppServiceBase, ICommentPubli
     [Authorize]
     public virtual async Task<CommentDto> CreateAsync(string entityType, string entityId, CreateCommentInput input)
     {
-        CheckExternalUrls(input.AllowExternalUrls, input.Text);
+        CheckExternalUrls(entityType, input.Text);
         
         var user = await CmsUserLookupService.GetByIdAsync(CurrentUser.GetId());
 
@@ -93,14 +93,13 @@ public class CommentPublicAppService : CmsKitPublicAppServiceBase, ICommentPubli
     [Authorize]
     public virtual async Task<CommentDto> UpdateAsync(Guid id, UpdateCommentInput input)
     {
-        CheckExternalUrls(input.AllowExternalUrls, input.Text);
-
         var comment = await CommentRepository.GetAsync(id);
-
         if (comment.CreatorId != CurrentUser.GetId())
         {
             throw new AbpAuthorizationException();
         }
+        
+        CheckExternalUrls(comment.EntityType, input.Text);
 
         comment.SetText(input.Text);
         comment.SetConcurrencyStampIfNotNull(input.ConcurrencyStamp);
@@ -158,18 +157,13 @@ public class CommentPublicAppService : CmsKitPublicAppServiceBase, ICommentPubli
         return ObjectMapper.Map<CmsUser, CmsUserDto>(comments.Single(c => c.Comment.Id == commentId).Author);
     }
 
-    private void CheckExternalUrls(bool allowExternalUrls, string text)
+    private void CheckExternalUrls(string entityType, string text)
     {
-        if (allowExternalUrls)
+        if (!CmsCommentOptions.AllowedExternalUrls.TryGetValue(entityType, out var allowedExternalUrls))
         {
             return;
         }
 
-        if (!CmsCommentOptions.AllowedExternalUrls.Any())
-        {
-            throw new UserFriendlyException(L["UnAllowedExternalUrlMessage"]);
-        }
-
         var matches = Regex.Matches(text, RegexMarkdownUrlPattern,
             RegexOptions.Compiled | RegexOptions.IgnoreCase);
 
@@ -180,14 +174,14 @@ public class CommentPublicAppService : CmsKitPublicAppServiceBase, ICommentPubli
                 continue;
             }
 
-            var url = match.Groups[1].Value;
+            var url = NormalizeUrl(match.Groups[1].Value);
             if (!IsExternalUrl(url))
             {
                 continue;
             }
 
-            if (!CmsCommentOptions.AllowedExternalUrls.Contains(url.Replace("www.", "").RemovePostFix("/"),
-                    StringComparer.InvariantCultureIgnoreCase))
+            if (!allowedExternalUrls.Any(allowedExternalUrl =>
+                    url.Contains(NormalizeUrl(allowedExternalUrl), StringComparison.OrdinalIgnoreCase)))
             {
                 throw new UserFriendlyException(L["UnAllowedExternalUrlMessage"]);
             }
@@ -199,4 +193,9 @@ public class CommentPublicAppService : CmsKitPublicAppServiceBase, ICommentPubli
         return url.StartsWith("https", StringComparison.InvariantCultureIgnoreCase) ||
                url.StartsWith("http", StringComparison.InvariantCultureIgnoreCase);
     }
+
+    private static string NormalizeUrl(string url)
+    {
+        return url.Replace("www.", "").RemovePostFix("/");
+    }
 }

modules/cms-kit/src/Volo.CmsKit.Public.Web/Pages/CmsKit/Shared/Components/Commenting/CommentingViewComponent.cs

@@ -60,8 +60,7 @@ public class CommentingViewComponent : AbpViewComponent
     public virtual async Task<IViewComponentResult> InvokeAsync(
         string entityType,
         string entityId,
-        IEnumerable<string> referralLinks = null,
-        bool allowExternalUrls = true)
+        IEnumerable<string> referralLinks = null)
     {
         referralLinks ??= Enumerable.Empty<string>();
         var comments = (await CommentPublicAppService
@@ -73,7 +72,6 @@ public class CommentingViewComponent : AbpViewComponent
         {
             EntityId = entityId,
             EntityType = entityType,
-            AllowExternalUrls = allowExternalUrls,
             ReferralLinks = referralLinks,
             LoginUrl = loginUrl,
             Comments = comments.OrderByDescending(i => i.CreationTime).ToList()
@@ -124,8 +122,6 @@ public class CommentingViewComponent : AbpViewComponent
 
         public string EntityId { get; set; }
 
-        public bool AllowExternalUrls { get; set; }
-        
         public IEnumerable<string> ReferralLinks { get; set; }
 
         public string LoginUrl { get; set; }

modules/cms-kit/src/Volo.CmsKit.Public.Web/Pages/CmsKit/Shared/Components/Commenting/Default.cshtml

@@ -32,7 +32,6 @@
           style="@(string.IsNullOrEmpty(repliedCommentId?.ToString() ?? "") ? "" : "display:none")">
         <form class="cms-comment-form">
             <input hidden value="@(repliedCommentId?.ToString() ?? "")" name="repliedCommentId" />
-            <input hidden asp-for="Input.AllowExternalUrls" name="allowExternalUrls" />
             <div class="row">
                 <div class="col">
                     <div class="mb-3 m-0">
@@ -121,7 +120,6 @@
         <div class="card bg-light p-3 mx-0 mt-3">
             <form class="cms-comment-update-form">
                 <input hidden value="@id.ToString()" name="id" />
-                <input hidden asp-for="Input.AllowExternalUrls" name="allowExternalUrls" />
                 <div class="row">
                     <div class="col">
                         <div class="mb-3 m-0">

modules/cms-kit/src/Volo.CmsKit.Public.Web/Pages/CmsKit/Shared/Components/Commenting/default.js

@@ -115,8 +115,7 @@
                         formAsObject.id,
                         {
                             text: formAsObject.commentText,
-                            concurrencyStamp: formAsObject.commentConcurrencyStamp,
-                            allowExternalUrls: formAsObject.allowExternalUrls
+                            concurrencyStamp: formAsObject.commentConcurrencyStamp
                         }
                     ).then(function () {
                         widgetManager.refresh($widget);
@@ -152,8 +151,7 @@
                             repliedCommentId: formAsObject.repliedCommentId,
                             text: formAsObject.commentText,
                             captchaToken: formAsObject.captchaId,
-                            captchaAnswer: formAsObject.input?.captcha,
-                            allowExternalUrls: formAsObject.allowExternalUrls
+                            captchaAnswer: formAsObject.input?.captcha
                         }),
                         success: function () {
                             widgetManager.refresh($widget);

modules/cms-kit/test/Volo.CmsKit.Application.Tests/CmsKitApplicationTestModule.cs

@@ -14,7 +14,16 @@ public class CmsKitApplicationTestModule : AbpModule
     {
         Configure<CmsKitCommentOptions>(options =>
         {
-            options.AllowedExternalUrls = new List<string> { "https://abp.io" };
+            options.AllowedExternalUrls = new Dictionary<string, List<string>>
+            {
+                {
+                    "EntityName1",
+                    new List<string>
+                    {
+                        "https://abp.io/"
+                    }
+                }
+            };
         });
     }
 }

modules/cms-kit/test/Volo.CmsKit.Application.Tests/Comments/CommentPublicAppService_Tests.cs

@@ -72,10 +72,10 @@ public class CommentPublicAppService_Tests : CmsKitApplicationTestBase
             await _commentAppService.CreateAsync(
                 _cmsKitTestData.EntityType1,
                 _cmsKitTestData.EntityId1,
-                new CreateCommentInput {
+                new CreateCommentInput 
+                {
                     RepliedCommentId = null,
                     Text = "[ABP Community](https://community.abp.io/)", //not allowed URL
-                    AllowExternalUrls = false
                 }
             ));
     }
@@ -102,14 +102,14 @@ public class CommentPublicAppService_Tests : CmsKitApplicationTestBase
     [Fact]
     public async Task UpdateAsync_ShouldThrowUserFriendlyException_If_Url_UnAllowed()
     {
-        _currentUser.Id.Returns(_cmsKitTestData.User2Id);
+        _currentUser.Id.Returns(_cmsKitTestData.User1Id);
 
         await Should.ThrowAsync<UserFriendlyException>(async () =>
             await _commentAppService.UpdateAsync(
                 _cmsKitTestData.CommentWithChildId,
-                new UpdateCommentInput {
+                new UpdateCommentInput 
+                {
                     Text = "[ABP Community - Update](https://community.abp.io/)", //not allowed URL
-                    AllowExternalUrls = false
                 }
             ));
     }